CVE-2020-3401: Cisco SD-WAN vManage Software Path Traversal Vulnerability
First published: Wed Jul 15 2020(Updated: )
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to the affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Sd-wan Firmware | <=19.2.2 | |
| Cisco 1100-4g Integrated Services Router | ||
| Cisco 1100-4gltegb Integrated Services Router | ||
| Cisco 1100-4gltena Integrated Services Router | ||
| Cisco 1100-6g Integrated Services Router | ||
| Cisco Vedge 100 | ||
| Cisco Vedge 1000 | ||
| Cisco Vedge 100b | ||
| Cisco Vedge 100m | ||
| Cisco Vedge 100wm | ||
| Cisco Vedge 2000 | ||
| Cisco Vedge 5000 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-3401?
CVE-2020-3401 is a vulnerability in the web-based management interface of Cisco SD-WAN vManage Software that allows an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system.
How does CVE-2020-3401 affect Cisco SD-WAN vManage Software?
CVE-2020-3401 affects Cisco SD-WAN vManage Software by allowing an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files.
What is the severity of CVE-2020-3401?
CVE-2020-3401 has a severity rating of 6.5 (Medium).
Which versions of Cisco SD-WAN vManage Software are affected by CVE-2020-3401?
CVE-2020-3401 affects Cisco SD-WAN vManage Software up to and including version 19.2.2.
How can I fix CVE-2020-3401?
To fix CVE-2020-3401, it is recommended to upgrade to a version of Cisco SD-WAN vManage Software that is not affected by the vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/title
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/cisco
- canonical/cisco sd-wan firmware
- version/cisco sd-wan firmware/19.2.2
- canonical/cisco 1100-4g integrated services router
- canonical/cisco 1100-4gltegb integrated services router
- canonical/cisco 1100-4gltena integrated services router
- canonical/cisco 1100-6g integrated services router
- canonical/cisco vedge 100
- canonical/cisco vedge 1000
- canonical/cisco vedge 100b
- canonical/cisco vedge 100m
- canonical/cisco vedge 100wm
- canonical/cisco vedge 2000
- canonical/cisco vedge 5000